Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How to frame this Pie chart- Dashboard panel?

Vani_26
Path Finder
‎12-06-2022 02:09 PM

below query:
index=app_mnt_apl  source=xxxx  

note: here the CustomerApp Details:  Countywise or CustomerApp Details:  Worldwise or CustomerApp Details:  Areawise are not in interested fields.


Sample logs:

2022-11-12  15:12:27,678 [hanper risk-100] h.t.i.l.g. applicationreportanalysis [565677nmnm7676] - [THY-j767676] - [thy-application_THY] - CustomerApp Details:  Countywise

2022-11-12  15:12:27,678 [hanper risk-100] h.t.i.l.g. applicationreportanalysis [565677nmnm7676] - [THY-j767676] - [thy-application_THY] - CustomerApp Details:  Worldwise

2022-11-12  15:12:27,678 [hanper risk-100] h.t.i.l.g. applicationreportanalysis [565677nmnm7676] - [THY-j767676] - [thy-application_THY] - CustomerApp Details:  Areawise

2022-11-12  15:12:27,678 [hanper risk-100] h.t.i.l.g. applicationreportanalysis [565677nmnm7676] - [THY-j767676] - [thy-application_THY] - CustomerApp Details:  Countywise

2022-11-12  15:12:27,678 [hanper risk-100] h.t.i.l.g. applicationreportanalysis [565677nmnm7676] - [THY-j767676] - [thy-application_THY] - CustomerApp Details: Worldwise

2022-11-12  15:12:27,678 [hanper risk-100] h.t.i.l.g. applicationreportanalysis [565677nmnm7676] - [THY-j767676] - [thy-application_THY] - CustomerApp Details: Areawise


I want to represent  CustomerApp Details: Areawise, Worldwise and countrywise   in a form of a pie  chart.
how to frame the query to get this???

Labels (1)
Labels
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎12-06-2022 03:37 PM

If you have no field representation for CustomerApp Details then you can extract it and do the stats with this

| rex "CustomerApp Details:\s+(?<AppDetails>\w+)"
| stats count by AppDetails

then just display as a pie chart

View solution in original post

Reply
Solved! Jump to solution
Solution

bowesmana
SplunkTrust
SplunkTrust
‎12-06-2022 03:37 PM

If you have no field representation for CustomerApp Details then you can extract it and do the stats with this

| rex "CustomerApp Details:\s+(?<AppDetails>\w+)"
| stats count by AppDetails

then just display as a pie chart

Reply
Solved! Jump to solution

Vani_26
Path Finder
‎12-06-2022 07:32 PM

hi @bowesmana , 
Thank you for the rex its working fine but i do have someother logs with the following 

2022-11-12  15:12:27,678 [hanper risk-100] h.t.i.l.g. applicationreportanalysis [565677nmnm7676] - [THY-j767676] - [thy-application_THY] - CustomerApp Details:  Countywise-Ctl

2022-11-12  15:12:27,678 [hanper risk-100] h.t.i.l.g. applicationreportanalysis [565677nmnm7676] - [THY-j767676] - [thy-application_THY] - CustomerApp Details: Worldwise

2022-11-12  15:12:27,678 [hanper risk-100] h.t.i.l.g. applicationreportanalysis [565677nmnm7676] - [THY-j767676] - [thy-application_THY] - CustomerApp Details: Areawise-Ctl

 

so, what would be the rex  for [thy-application_THY] - CustomerApp Details:  Countywise-Ctl and  Worldwise and Areawise-Ctl

 

0 Karma
Reply
Solved! Jump to solution

bowesmana
SplunkTrust
SplunkTrust
‎12-07-2022 01:39 PM

So, the regex I suggested was

| rex "CustomerApp Details:\s+(?<AppDetails>\w+)"

and that looks for any 'word' character. If this is the last data on that row you could do

| rex "CustomerApp Details:\s+(?<AppDetails>.*)"

or you could do this, which will find anything up to the next whitespace

| rex "CustomerApp Details:\s+(?<AppDetails>[^\s]+)"

 

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...